DHS Data Leak: A Tale of Insiders and Stolen IP

Building on a story that first broke in November 2017, the Department of Homeland Security (DHS) just released additional details regarding the leak of personal information of 246,000 DHS employees. Insiders and intellectual property (IP) theft are at the core of the story.

Data Leak Timeline and Details

In May 2017, the DHS discovered personally identifiable information (PII) on DHS employees on the home computer of a DHS employee.

“Also discovered on the server was a copy of 159,000 case files from the inspector general’s investigative case management system, which suspects in an ongoing criminal investigation intended to market and sell…”

On the heels of this article, the NY Times reported that three employees in the inspector general’s office for the DHS stole a computer system (containing the personal information) with plans to “modify the office’s proprietary software for managing investigative and disciplinary cases so that they could market and sell it to other inspector general offices across the federal government”. According to the Times report, investigators believe the suspects intended to use the data to help develop and test their own version of the system.

DHS notified select employees on January 3, 2018 that “they may have been impacted by a privacy incident… The privacy incident did not stem from a cyber-attack by external actors, and the evidence indicates that affected individual’s personal information was not the primary target of the unauthorized transfer of data.”

Impacted individuals include approximately 247,167 current and former federal employees of DHS in 2014, and subjects, witnesses, or complainants associated with a DHS OIG investigation from 2002 through 2014.

PII for employees includes names, Social Security numbers, dates of birth, positions, grades, and duty stations. PII for individuals associated with an investigation varied, but could include names, Social Security numbers, dates of birth, email addresses, phone numbers, and addresses.

In an FAQ on their website, DHS explained the delay between discovery in May and notification in December:

“The investigation was complex given its close connection to an ongoing criminal investigation…DHS conducted a thorough privacy investigation, extensive forensic analysis of the compromised data, an in-depth assessment of the risk to affected individuals, and comprehensive technical evaluations of the data elements exposed. These steps required close collaboration with law enforcement investigating bodies to ensure the investigation was not compromised.”

In their news release, the DHS indicated they will be taking steps to better identify unusual access patterns by users. This is a step every organization should take to protect data. Employee monitoring software allows organizations to track data access, including file transfer tracking and email transfers. So, not only can you protect your IP, but you can protect your employees’ information, as well.

Marianna Noll is a Maryland-based writer with an interest in the impact that technology has on organizations and users. She writes about software, user adoption and engagement with software, and IT security.